CVE-2025-7361

Published: Jul 29, 2025Modified: Jun 17, 2026

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security@ni.com (Secondary)

Description

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected.

Affected (24)

Products: Ni: Labview

1 product

Labview

Configuration A

24 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ni Labview	Up to 2021
Ni Labview	Version 2022 q1
Ni Labview	Version 2022 q3
Ni Labview	Version 2022 q3_patch1
Ni Labview	Version 2022 q3_patch2
Ni Labview	Version 2022 q3_patch4
Ni Labview	Version 2022 q3_patch5
Ni Labview	Version 2023 q1
Ni Labview	Version 2023 q3
Ni Labview	Version 2023 q3_patch1
Ni Labview	Version 2023 q3_patch2
Ni Labview	Version 2023 q3_patch3
Ni Labview	Version 2023 q3_patch4
Ni Labview	Version 2023 q3_patch5
Ni Labview	Version 2023 q3_patch6
Ni Labview	Version 2024 q1
Ni Labview	Version 2024 q1_patch1
Ni Labview	Version 2024 q3
Ni Labview	Version 2024 q3_patch1
Ni Labview	Version 2024 q3_patch2
Ni Labview	Version 2024 q3_patch3
Ni Labview	Version 2025 q1
Ni Labview	Version 2025 q1_patch1
Ni Labview	Version 2025 q1_patch2

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/code-injection-vulnerability-in-ni-labview-using-cin-nodes.html

Source: security@ni.com

Vendor Advisory

Timeline

No history available yet.